#!/usr/bin/env python
# -*- coding: utf-8 -*-
import socket,argparse,sys,requests,urlparse
from json_parse import Jsonparse

class Weblogic(object):
    def __init__(self, ip, port, level):
        self.ip = ip
        self.port = port
        self.level = level
    def run(self):
        url = 'http://'+str(self.ip)+':'+str(self.port)
        doOne(url)

def doSendOne(ip,port,data):
    sock=None
    res=None
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(7)
        server_addr = (ip, int(port))
        sock.connect(server_addr)
        sock.send(data)
        print(data)
        res = sock.recv(20)
        print(res)
        if b'GIOP' in res:
            return True
    except Exception as e:
        print(e)
        exit(-1)
        pass
    finally:
        if sock!=None:
            sock.close()
    return False
g_bPipe=False
def doOne(url):
    global g_bPipe
    oH=urlparse.urlparse(url)
    a=oH.netloc.split(':')
    port=80
    if 2 == len(a):
        port=a[1]
    elif 'https' in oH.scheme:
        port=443
    if doSendOne(a[0],port,bytearray.fromhex('47494f50010200030000001700000002000000000000000b4e616d6553657276696365').decode()):
        print('found CVE-2020-2551 ', oH.netloc)
        exit(233)
    elif g_bPipe == False:
        print('not found CVE-2020-2551 ', oH.netloc)
        exit(1)


if __name__=="__main__":
    jsonfile = sys.argv[1] + '\\poc\\lib\\config.json'
    jsonobj = Jsonparse(jsonfile)
    jsondata = jsonobj.parse()
    target = sys.argv[2]
    timeout = jsondata['timeout']
    port = sys.argv[3]
    scan = Weblogic(target, port, timeout) 
    scan.run()